An Open Access Peon

24 April 2012

VirtualBox guest with Host-Only Networking and NAT

Follow-up: the much easier way to allow external access plus access to the VM from the host is to use two Network devices. Set the first network device to be "NAT" and the second to "Host only adapter".

The Host-Only networking in VirtualBox 4.1 allows the host/guest to talk to each other but requires some extra steps to allow the guest to access the outside world. We can use NAT on the host machine to NAT the virtual network through the host's real interface.

Configure the VirtualBox guest's network to use Host-Only Networking:

You will need to set up static networking on the guest O/S because the VirtualBox DHCP server won't assign a gateway or DNS servers. Replace 192.168.56.101 with the guest's IP address and modify the DNS to your local network settings:

# This file describes the network interfaces available on your system # and how to activate them. For more information, see interfaces(5). # The loopback network interface auto lo iface lo inet loopback # The primary network interface auto eth0 #iface eth0 inet dhcp iface eth0 inet static address 192.168.56.101 netmask 255.255.255.0 network 192.168.56.0 broadcast 192.168.56.255 gateway 192.168.56.1 dns-search your-domain.example dns-nameservers 8.8.8.8 8.8.4.4

On the Host machine edit /etc/default/ufw:

DEFAULT_FORWARD_POLICY="ACCEPT"

Uncomment net/ipv4/ip_forward and net/ipv6/conf/default/forwarding in /etc/ufw/sysctl.conf:

net/ipv4/ip_forward=1 net/ipv6/conf/default/forwarding=1

Add masquerading rules to the top of /etc/ufw/before.rules:

# NAT table rules *nat :POSTROUTING ACCEPT [0:0] # Forward traffic from eth1 through eth0. -A POSTROUTING -s 192.168.0.0/16 -o eth0 -j MASQUERADE # commit the NAT rules COMMIT

(Re)enable the ufw:

sudo ufw disable sudo ufw enable

3 Comments:

  • your postrouting rule in iptables does not correspond to what you've described in the text i.e.: "Forward traffic from eth1 through eth0".
    Also, the interface for VBox is vboxnet0 and not eth0/eth1 so it also seems to be incorrect

    By Blogger Marek Hajduczenia, at 7:27 pm  

  • I am confused but the configuration parameters you propose. First, DNS is set to 8.8.8.8 and 8.8.4.4, which is outside the IP address range existing in the network. Probably, it should be the same as your gateway
    Second, your postrouting rule in the iptables does not correspond to the descriptive text: "-A POSTROUTING -s 192.168.0.0/16 -o eth0 -j MASQUERADE" checks only the output port, not the input put.
    Third, you say you filter on eth0 and eth1, but with VBox running host-only network, the interface receiving the frames from VMs is called vboxnet0 (typically).
    Can you please confirm whether this is the actual configuration you've been running successfully?

    By Anonymous Anonymous, at 7:52 pm  

  • Note: 8.8.8.8/8.8.4.4 are Google's public DNS servers (i.e. they'll work from anywhere).

    I'm not actually using this approach at all now. Our network has full IPv6 support so I can just add a bridged network adapter and my VMs pick up a stable, routable IPv6 address.

    By Blogger Tim Brody, at 11:08 am  

Post a Comment

<< Home